Wednesday, 19 August 2015

Google/Samsung to Release Monthly Security Fixes

Google Inc. and Samsung Electronics Co will release monthly security fixes for Android phones, which are an increasing target for hackers, after the revelation of a bug designed to attack the world’s best-known mobile operating system.

The change came after Joshua Drake, a security researcher, exposed the Stagefright hacking software, which enables attackers to send a special multimedia message to an Android phone and get hold of sensitive content even if the message is not opened. Adrian Ludwig, Android security chief, commented at this week’s annual Black Hat security conference in Las Vegas that ‘they had realized that there was a need to move faster’.

Earlier, Google had developed a patch and distributed it to its own Nexus phones after learning of the security flaws, but other manufacturers would wait until they wanted to update the software for various reasons before making a fix, exposing several of the more than 1 billion Android users to probable hacks and scams until the fix. Ludwig said that Google has also made other security changes.

Google – Regular Weekly Security Scans of Russian Phones

He told Reuters in an interview that earlier this year the team had broken out the occurrence rate of malicious software by language, and that the rate of Russian-language Androids with possibly harmful programs seemed to have spiked suddenly to around 9% in late 2014.

Google made its weekly security scans of Russian phones more regular and was able to reduce the problem to close to the global standard. Ludwig also mentioned that improvements in recent versions of Android would limit an attack’s effectiveness on more than nine out of ten phones. However, Drake said that the attacker could keep trying until the ploy works.

He also said that he would release code for the attack by August 24, putting pressure on manufacturers to get their patches out before then. Ludwig said that the Nexus phones are being updated with protection and that most of the major Android handset makers will follow suit.

Stolen Files – Hacking Team Indicated Key Avenue

Rick Segal, Vice President of Samsung, agreed that his company could not compel the telecommunication carriers who purchase its devices in bulk to install the fixes, and that some would probably do so only for higher-end users.

Segal said in an interview that ‘if it is your business customers, you will push it’. Samsung is the biggest manufacturer of Android phones. Ludwig also stated that several Android security worries were overblown, adding that only about one in 200 of the Android phones Google could peer into have any possibly harmful applications installed at any point.

Drake also observed that those figures excluded some products, including Fire products from Amazon, that use Android. In the case of Apple’s iPhones, the main security risk comes with apps that have not been downloaded from the official online stores of the two companies.

The files stolen from Hacking Team, an Italian company that sold eavesdropping tools to government agencies across the globe, indicated that a key avenue was to convince targets to download legitimate-seeming Android and iPhone apps from fraudulent sites.

Friday, 14 August 2015

Hackers Manipulating Internet Architecture

According to a security firm, hackers are exploiting a serious flaw in the internet’s architecture: the bug targets systems that convert domain names into IP addresses. Taking advantage of it could impede the smooth functioning of internet services, since it would permit hackers to launch denial-of-service attacks on websites, possibly forcing them offline, although regular internet users are unlikely to be severely affected.

Bind is the name of a variety of Domain Name System (DNS) software which is used on most internet servers. The most recently discovered bug enables attackers to crash the software, taking the DNS service offline and stopping URLs, for instance, from functioning. A patch for the fault has been made available, though several systems still need to be updated.

The Internet Systems Consortium (ISC), which developed Bind, said in a tweet that the vulnerability was ‘particularly critical’ and ‘easily exploited’. Last week ISC released a patch for a serious vulnerability in BIND, one of the popular Domain Name Servers which is bundled with Linux. The flaw affects versions of BIND 9 from BIND 9.1.0 to BIND 9.10.2-P2.

Fault in Handling TKEY Queries

It could be exploited to crash the DNS servers running the software, resulting in a DoS attack. Red Hat, Ubuntu, CentOS and Debian have all been affected by the bug, and patching is straightforward: update or apt-get update, whichever is suitable to the environment, together with a DNS server restart.

A networking expert at Sucuri, Daniel Cid, published a blog post on the vulnerability in which he stated that real exploits taking advantage of the fault had already taken place, based on reports from the company’s customers that they were facing DNS server crashes. He also told the BBC that a few of the clients in various industries had had their DNS servers crashed by it.

He further added that, in their experience, server software such as Bind, Apache, OpenSSL and others did not get patched as often as it should. According to a report in The Register last week on CVE-2015-5477, there is a fault in the handling of TKEY queries: a constructed packet could use the defect to trigger a REQUIRE assertion failure, which would cause BIND to exit. Cid said that it is also trivial to check whether a DNS server is being targeted.

Large DNS Exploits Take Down Hunks of Internet

One could look for ANY TKEY in the DNS logs with querylog enabled; since TKEY requests are ‘not very common’, suspicious requests should be easy to notice. Brian Honan, a cybersecurity expert, commented that a spike in exploits of the fault was expected in the next few days.
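The log check described above can be scripted. The following is an added example, not code from Sucuri, ISC or the original article; it assumes the BIND 9 querylog line layout shown in the constructed sample lines, and the function names are illustrative.

```python
import re
from collections import Counter

# Assumed BIND 9 querylog layout:
#   client <ip>#<port> (<name>): query: <name> <class> <type> <flags> (<server>)
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample lines using documentation addresses, not from a real server.
SAMPLE_LOG = """\
04-Aug-2015 10:15:31.002 queries: info: client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A + (203.0.113.5)
04-Aug-2015 10:15:32.417 queries: info: client 198.51.100.7#40112 (foo.bar): query: foo.bar ANY TKEY + (203.0.113.5)
04-Aug-2015 10:15:32.980 queries: info: client 192.0.2.10#53212 (tkey.example.com): query: tkey.example.com IN AAAA + (203.0.113.5)
04-Aug-2015 10:15:33.051 queries: info: client 198.51.100.7#40113 (foo.bar): query: foo.bar ANY TKEY + (203.0.113.5)
04-Aug-2015 10:15:34.300 general: error: unrelated message mentioning TKEY
"""


def find_tkey_queries(lines):
    """Return (client_ip, qname, qclass) for every logged query of type TKEY."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        # Compare the parsed type field, so a name containing "tkey" or a
        # non-query log message that mentions TKEY is not flagged.
        if m and m.group("qtype").upper() == "TKEY":
            hits.append((m.group("ip"), m.group("qname"), m.group("qclass")))
    return hits


def tkey_by_client(lines):
    """Count TKEY queries per source address to show who is sending them."""
    return Counter(ip for ip, _, _ in find_tkey_queries(lines))


if __name__ == "__main__":
    for ip, count in tkey_by_client(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip}\t{count} TKEY queries")
```

A hit only shows that TKEY queries arrived; whether the server was vulnerable depends on the BIND version it was running at the time.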

He further added that websites would frequently remain accessible through other routes and cached addresses on DNS servers all over the world, even though certain key DNS servers have been made to crash. He stated that ‘it is not a doomsday scenario but a question of ensuring that the DNS structure could continue to work while patches tend to be rolled out’.

According to Mr Cid, the impact on general users is likely to be minimal, and average internet users will not experience much pain besides a few sites and email servers being down. A large DNS exploit could take down hunks of the internet.

Friday, 17 May 2013

Windows users received a new batch of ten security updates last Tuesday. They include crucial fixes for critical vulnerabilities in Microsoft software. With the May patch updates, Microsoft plugs critical security flaws in Windows operating systems. May's Patch Tuesday brings ten security updates in total, two of which the company ranks as critical and the other eight as important. These updates fix 33 vulnerabilities across Microsoft products, from Windows XP to Office packages and Internet Explorer, as well as special server programs. With patch MS13-038 there is finally an update that irons out the serious security problem in IE 8; previously, users had to make do with a "fix-it". Microsoft also provides a fresh version of the "Malicious Software Removal Tool" (32 bit, 64 bit).
The patch MS13-037 resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the vulnerabilities could, in some circumstances, gain the same user rights as the current user. Users whose accounts are configured to have fewer privileges are less impacted than users who operate with administrative privileges. Microsoft's Patch Tuesday usually falls on the second Tuesday of each month, so the following patch day is on 11 June 2013. The security updates will install automatically with the appropriate presetting and an active Internet connection.